package com.guoxue.action.front;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import com.alibaba.fastjson.JSONObject;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.http.ProtocolType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;


@Controller
public class OSSTokenAction {
	
	//private static final long serialVersionUID = 5522372203700422672L;
	// 目前只有"cn-hangzhou"这个region可用, 不要使用填写其他region的值
	public static final String REGION_CN_HANGZHOU = "cn-hangzhou";
	public static final String STS_API_VERSION = "2015-04-01";
	
	
	@ResponseBody
	@RequestMapping(value="/getToken")
	public JSONObject getToken(HttpServletRequest request, HttpServletResponse response){
		JSONObject json = new JSONObject();
		try{
			
			String data = ReadJson(this.getClass().getResource("/").getPath()+"config.json");
			System.out.println("用户输入url:" + data);
			if (data.equals(""))
			{
				//response(request, response, "./config.json is empty or not found");
				json.put("configISemptyORnotfund", "config file is empty or not found ");
				return json;
			}
			//JSONObject jsonObj  = JSONObject.fromObject(data);
			JSONObject jsonObj  = JSONObject.parseObject(data);
			// 只有 RAM用户（子账号）才能调用 AssumeRole 接口
			// 阿里云主账号的AccessKeys不能用于发起AssumeRole请求
			// 请首先在RAM控制台创建一个RAM用户，并为这个用户创建AccessKeys
			String accessKeyId = jsonObj.getString("AccessKeyID");
			String accessKeySecret = jsonObj.getString("AccessKeySecret");
			// RoleArn 需要在 RAM 控制台上获取
			String roleArn = jsonObj.getString("RoleArn");
			long durationSeconds = jsonObj.getLong("TokenExpireTime");
			String policy = ReadJson(this.getClass().getResource("/").getPath()+jsonObj.getString("PolicyFile"));
			// RoleSessionName 是临时Token的会话名称，自己指定用于标识你的用户，主要用于审计，或者用于区分Token颁发给谁
			// 但是注意RoleSessionName的长度和规则，不要有空格，只能有'-' '_' 字母和数字等字符
			// 具体规则请参考API文档中的格式要求
			String roleSessionName = "alice-001";
			// 此处必须为 HTTPS
			ProtocolType protocolType = ProtocolType.HTTPS;
			JSONObject json2 = new JSONObject();
			try {
				final AssumeRoleResponse stsResponse = assumeRole(accessKeyId, accessKeySecret, roleArn, roleSessionName,
						policy, protocolType, durationSeconds);
				json2.put("status", "200");
				json2.put("AccessKeyId", stsResponse.getCredentials().getAccessKeyId());
				json2.put("AccessKeySecret", stsResponse.getCredentials().getAccessKeySecret());
				json2.put("SecurityToken", stsResponse.getCredentials().getSecurityToken());
				json2.put("Expiration", stsResponse.getCredentials().getExpiration());
				json.put("code", "200");
				json.put("message", "获取token成功");
			} catch (ClientException e) {
				json2.put("status", e.getErrCode());
				json2.put("AccessKeyId", "");
				json2.put("AccessKeySecret", "");
				json2.put("SecurityToken", "");
				json2.put("Expiration", ""); 
				json.put("code", "400");
				json.put("message", "获取token失败");
			}
			
			json.put("data", json2);
			System.out.println(json2);
		}catch(Exception e){
			e.printStackTrace();
		}
		System.out.println(json);
		return json;
	} 
	
	
	protected AssumeRoleResponse assumeRole(String accessKeyId, String accessKeySecret, String roleArn,
			String roleSessionName, String policy, ProtocolType protocolType, long durationSeconds) throws ClientException 
	{
		try {
			// 创建一个 Aliyun Acs Client, 用于发起 OpenAPI 请求
			IClientProfile profile = DefaultProfile.getProfile(REGION_CN_HANGZHOU, accessKeyId, accessKeySecret);
			DefaultAcsClient client = new DefaultAcsClient(profile);

			// 创建一个 AssumeRoleRequest 并设置请求参数
			final AssumeRoleRequest request = new AssumeRoleRequest();
			request.setVersion(STS_API_VERSION);
			request.setMethod(MethodType.POST);
			request.setProtocol(protocolType);

			request.setRoleArn(roleArn);
			request.setRoleSessionName(roleSessionName);
			request.setPolicy(policy);
			request.setDurationSeconds(durationSeconds);

			// 发起请求，并得到response
			final AssumeRoleResponse response = client.getAcsResponse(request);

			return response;
		} catch (ClientException e) {
			throw e;
		}
	}

	public static String ReadJson(String path){
        //从给定位置获取文件
        File file = new File(path);
        BufferedReader reader = null;
        //返回值,使用StringBuffer
        StringBuffer data = new StringBuffer();
        //
        try {
            reader = new BufferedReader(new FileReader(file));
            //每次读取文件的缓存
            String temp = null;
            while((temp = reader.readLine()) != null){
                data.append(temp);
            }
        } catch (FileNotFoundException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }finally {
            //关闭文件流
            if (reader != null){
                try {
                    reader.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
        return data.toString();
    }
    
	
}
